Ubuntu - 3. page

Open Monitoring Distribution (OMD) is an Open Source network, server, and datacenter monitoring platform and it’s absolutely fantastic. It’s basically a bunch of different monitoring systems all pooled into one platform. My favorite part of OMD is that it includes Check_MK, which I think is the best monitoring interface out there. But, it’s a lot more than that. Here is a breif list of what OMD contains (there’s more than this).

Nagios

Icinga

Shinken

Check_MK

Multisite

DokuWiki

NagVis

pnp4nagios

rrdtool

That’s just a brief list of all the greatness that’s packaged into OMD. Every network and home lab should have an OMD installation running on a virtual machine to keep tabs on everything and alert you when something goes wrong. Today, I’ll be installing and configuring OMD on an Ubuntu 14.04 virtual machine. So, lets get started already.

Installing OMD on Ubuntu 14.04

I always like to make sure everything is updated and upgraded when I’m setting up a new server. So lets go ahead and do that.

sudo apt-get update
sudo apt-get -y upgrade

Now we can get to work installing OMD. Fortunately, there are OMD packages already made for some of the more popular Linux distributions, Ubuntu 14.04 included. You can see all of the available packages by clicking on this link. As of this writing, OMD version 1.20 is the latest so that’s what I’m going to install. Check and see what the latest version is before getting started.

OpenVAS is one of the most amazing Open Source packages in existence. It is an Open Source fork on the Nessus Vulnerability Scanner, on steroids. If you aren’t familiar with it, let me give you a brief introduction. OpenVAS is short for Open Source Vulnerability Assessment System. it is by far the number one free network and security scanner in existence. I has a database of nearly half a MILLION exploits for nearly every operating system, web app, and device in existence, and that database is constantly being expanded and updated. Installation isn’t too bad, if you have a good guide to help you. Once installed, it’s extremely easy to use. It has a web interface that can be as easy as typing in a host name or IP address and clicking scan. Of course, you can also customize the scans and there is also a handful of pre-configured scans, some thorough, and some less thorough. Reports are generated after a scan completes, which is viewable via the web interface, or you can even generate a PDF report that is useful for a network administrator, as well as upper management, if needed. There are software packages in existence that cost tens of thousands of dollars and fall short of OpenVAS’s feature set. Now that you have a brief introduction to OpenVAS, let’s get started on installing it.

How to install OpenVAS 8 on Ubuntu 14.04

OpenVAS has packages for CentOS and RedHat, which makes it very easy to install on those platforms. It only requires a few yum commands. Unfortunately, they do not have packages for Ubuntu. However, it’s not that hard to install. I’m assuming you have done a minimal installations of Ubuntu 14.04 Server, with only the OpenSSH Server packages installed.

So, you need to install vmtools on Ubuntu. You’ve come to the right place. I’ve done it hundreds of times, but recently a friend of mine was having some difficulty doing this. I thought I would put a quick how-to together so I could maybe help some more people out. Here goes.

How To Install VMtools on Ubuntu

First thing’s first. Before going any further, I suggest you update apt, and then upgrade. This will make sure everything is up to date on your virtual machine.

# sudo apt-get -y update
# sudo apt-get -y upgrade

Now, you need to attach the VMware tools installation disc to your virtual machine. In ESXi / vSphere, just right click on the virtual machine, in the left pane, go to Guest, then select “Install/Upgrade VMware Tools.” Like this.

If you are using VMware Workstation, or VMware Fusion, select the virtual machine in the library, then under the Virtual Machine pull down menu at the top, select “Install VMware Tools.” In VMware Fusion, it looks like this.

So, you want to build a WordPress server? One that won’t barf all over itself every time a link is posted to Digg or Reddit? Well, you’ve come to the right place. Building an insanely fast web server isn’t rocket science. It’s actually pretty darn straight forward. I’ve built more web servers than I care to remember, which means I’ve also made more mistakes I care to remember. All in the name of trying to make things faster. If speed is your goal, there’s only a few important key things to remember. If speed is absolutely the most critical variable in a situation, my philosophy is something like this:

KISS – Keep It Simple Stupid. Seriously… No control panels, plugins, or other bloated garbage.

FAST Server – This should be a given, but no shared servers. Only VPS, VM or bare metal awesomeness.

Optimization – Optimize, minimize, downsize, and compress everything as much as you can get away with.

Optionally, using a CDN (Content Delivery Network) can really speed things up; as well as a high quality distributed DNS service. But, not absolutely necessary.

Like I said, we’re talking about building an INSANELY FAST WordPress server here. Obviously if you’re Joe Shmoe from Motown, you can probably get by just fine on a quality managed hosting provider, like Serenity-Networks. But, if you want to build the fastest web server on earth, continue reading.

There are plenty of Linux Distributions out there that will work just fine. I prefer CentOS and Ubuntu. For this guide, I’ll be using Ubuntu 14.04 LTS (Long Term Support). This OS will be supported for many years, with security updates. That’s good, especially for a server. If you don’t have it, go to http://www.ubuntu.org and go to downloads, then server. Be sure to select the 14.04 LTS version.

Now, assuming you have done a minimal install of Ubuntu 14.04, with only OpenSSH selected for packages (for remote SSH connection, obviously), we will be using some commonly known building blocks to turn this into a very fast web server.

NGINX Web Server – Many THOUSANDS of the fastest sites in the world use it. It’s the best.

HHVM – This is a very high performance virtual machine that takes care of processing PHP (as well as HACK). Because it turns PHP into machine language, very quickly, it can really speed things up.

MySQL – Kind of boring, but every site needs a database, so we’ll use this one.

As you’ve probably heard me say before, if you have a public facing Linux server, meaning one or more open or forwarded ports, Fail2Ban absolutely must be installed. Fail2Ban monitors log files for excessive login attempts, also called Brute Force attacks. They are extremely common place on the internet. I have never had a public facing server that has gone more than a few days without some hacker trying to brute force it. These attacks go like this. Someone writes a script, or uses a program, that reads a bunch of possible usernames from a text file that has nothing but millions of usernames. There is also a text file with millions of passwords. The script will attempt to go through all username and password combinations until it finds one that can login successfully. Obviously, if you get a hundred or more login attempts from one IP address, nothing good will ever come from that IP so it pretty safe to assume it should be blocked, at least for some period of time.

Fail2Ban does precisely this. It constantly watches any log file you tell it to watch, and when a certain number of login attempts are logged from an IP address, Fail2Ban will automatically create an iptables rule to block all traffic from that IP address for a given period of time. Because brute force attacks take a long, long time, blocking one early on pretty much eliminates the possibility of a successful attack. SSH is the most common service / port for brute force attacks, from my experience. With FTP and POP3 (email) coming in second and third. It’s a no-brainer to set up Fail2Ban to automatically block attacks. It gives you much needed protection and security for your servers. So, here we go.

How to Install Fail2Ban on Ubuntu 14.04 LTS (Trusty)

First and foremost, let’s make sure apt is updated.

# sudo apt-get update

Now we can install Fail2Ban. Since there is an aptitude package already, we will use that to install.

# sudo apt-get install fail2ban

Surprisingly, that’s all you need to do to install it. You do, however, need to edit the main configuration file for Fail2Ban, which is jail.conf. Lets go ahead and open it up with nano and take a look.

If you’ve read my other recent posts, you’ve probably notice I’ve been spending a lot of time with different cloud architectures. My previous guide on using DevStack to deploy a fully functional OpenStack environment on a single server was fairly involved, but not too bad. I’ve read quite a bit about Ubuntu OpenStack and it seems that Canonical has spent a lot of energy development their spin on it. So, now I want to set up Ubuntu OpenStack. All of Ubuntu’s official documentation and guides state a minimum requirement of 7 machines (server). However, although I could probably round up 7 machines, I really do not want to spend that much effort and electricity. After scouring the internet for many hours, I finally found some obscure documentation stating that Ubuntu OpenStack could in fact be installed on a single machine. It does need to be a pretty powerful machine; the minimum recommended specifications are:

8 CPUs (4 hyperthreaded will do just fine)

12GB of RAM (the more the merrier)

100GB Hard Drive (I highly recommend an SSD)

With the minimum recommended specs being what they are, my little 1u server may or may not make the cut, but I really don’t want to take any chances. I’m going to use another server, a much larger 4u, to do this. Here are the specs of the server I’m using:

Supermicro X7DAL Motherboard

Xeon W5580 4 Core CPU (8 Threads)

12GB DDR3 1333MHz ECC Registered RAM

256GB Samsung SSD

80GB Western Digital Hard Drive

I have installed Ubuntu 14.04 LTS, with OpenSSH Server being the only package selected during installation. So, if you have a machine that is somewhat close to the minimum recommended specs, go ahead and install Ubuntu 14.04 LTS. Be sure to run a sudo apt-get upgrade before proceeding.

Lets Get Started

First, we need to add the OpenStack installer ppa. Then, we need to update app. Do the following:

I have a server dedicated to the purpose of hosting an ownCloud instance. OwnCloud 8 to be exact. It’s an Ubuntu 14.04 LTS virtual machine, on an ESXi 5 hypervisor. This is my own server, and not any sort of revenue generating customer service. It has become a “Dropbox” replacement for myself, and a few select friends and family. Recently, I found the original 1TB I allocated to be filling up quickly. So, I started doing some google searches to see how I could go about resizing, or expanding, an LVM group (like a partition). I found an enormous wealth of information, much of it conflicting. As I started going through a guide, that closely matched my configuration (everything was the same, actually, except the size of the disk), I instantly faced problems with commands not working. It was frustrating. Eventually I navigated through it and successfully expanded the Logical Volume. I figured I would go ahead and document my troubles so that I can make others lives a little easier.

Firstly, you need to run a couple commands to see what you’re working with. These commands are df and fdisk -l. You should see something like this: